Daily NCSC-FI news followup 2021-11-28

North Korean hackers posed as Samsung recruiters to target security researchers

therecord.media/north-korean-hackers-posed-as-samsung-recruiters-to-target-security-researchers/ North Korean state-sponsored hackers posed as Samsung recruiters and sent fake job offers to employees at South Korean security companies that sell anti-malware software, Google said this week in the first edition of its new Threat Horizons report. “The emails included a PDF allegedly claiming to be of a job description for a role at Samsung; however, the PDFs were malformed and did not open in a standard PDF reader,” Google said. If targets complained that they couldn’t open the job offer archive, the hackers offered to help by providing them with a link to a “Secure PDF Reader” app users could install.

Huge fines and a ban on default passwords in new UK law

www.bbc.com/news/technology-59400762 The government has introduced new legislation to protect smart devices in people’s homes from being hacked. Default passwords for internet-connected devices will be banned, and firms which do not comply will face huge fines.

Google: Half of compromised cloud instances have weak or no passwords

www.zdnet.com/article/google-half-of-compromised-cloud-instances-have-weak-or-no-passwords/ Online criminals are deploying cryptocurrency miners within just 22 seconds of compromising misconfigured cloud instances running on Google Cloud Platform (GCP).

InfoSec Handlers Diary Blog – Video: YARA Rules for Office Maldocs

isc.sans.edu/forums/diary/Video+YARA+Rules+for+Office+Maldocs/28078/ In this video, I show and explain the YARA rules I covered in diary entries “Extra Tip For Triage Of MALWARE Bazaar’s Daily Malware Batches”, “Simple YARA Rules for Office Maldocs” and “YARA Rule for OOXML Maldocs: Less False Positives”.

You're not using any of these passwords, are you? You could be hacked in under a second

www.is.fi/digitoday/tietoturva/art-2000008418043.html Swear words and excrement are good enough as passwords for many Finns. Perhaps they shouldn't be. Finland's most popular passwords have been listed. In addition to its usual global list, the password manager application NordPass has now also published country-specific lists, including one for Finland. The Finnish top 20 features several swear words, and also the actual thing itself.
